Bugtraq mailing list archives

Re: setuid scripts in SunOS 4.1.x


From: Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu)
Date: Wed, 28 Sep 1994 12:22:03 +22306356


On Wed, 28 Sep 1994 01:02:48 EDT, John Hawkinson said:
> Excuse me?
>
> When we say FIXING THE KERNEL, we MEAN DISABLING SETUID SCRIPTS.
>
> If you have some other reasonable mechanism, I'd be interested in
> hearing it...

Well, I have heard from some people who understand this rat's nest
of race conditions that most, if not all, the holes can be closed if
your kernel has proper support - basically, you need the /dev/fd file
descriptor driver, and instead of simply exec()'ing the #! interpreter
with the file as input (which is subject to a race condition), you
launch the interpreter with a /dev/stdin already nailed down to the
original (dev,inode) pair, thus prohibiting substitution on the fly.

That's another mechanism, it's reasonable, but it's not 100% backward
combatable...

                                Valdis Kletnieks
                                Computer Systems Engineer
                                Virginia Tech
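
The mechanism described in the message above, as an added illustration that is not part of the original post: a descriptor opened before the path is re-pointed still refers to the original (dev,inode) when reached through /dev/fd/N, while a second lookup by path finds the substitute. The scratch directory, file names and the function name `fd_pins_inode` are constructed for this example, and it assumes a system that provides /dev/fd.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a small file at path; returns 0 on success. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 1 if, after the script's path is re-pointed at another file,
 * /dev/fd/N still names the original (dev,inode) while a fresh lookup by
 * path does not; 0 otherwise; -1 on setup error. */
int fd_pins_inode(void) {
    char dir[64], script[96], other[96], devfd[32];
    struct stat checked, by_fd, by_path;
    int fd = -1, result = -1;

    /* Constructed scratch directory and file names (assumptions). */
    snprintf(dir, sizeof dir, "/tmp/fdpin.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (put(script, "#!/bin/sh\n# original\n") != 0 ||
        put(other, "#!/bin/sh\n# substitute\n") != 0) goto out;

    fd = open(script, O_RDONLY);               /* the file that was checked */
    if (fd < 0 || fstat(fd, &checked) != 0) goto out;
    if (rename(other, script) != 0) goto out;  /* path changes underneath */

    snprintf(devfd, sizeof devfd, "/dev/fd/%d", fd);
    if (stat(devfd, &by_fd) != 0 || stat(script, &by_path) != 0) goto out;
    result = by_fd.st_dev == checked.st_dev && by_fd.st_ino == checked.st_ino
          && by_path.st_ino != checked.st_ino;
out:
    if (fd >= 0) close(fd);
    unlink(script); unlink(other); rmdir(dir);
    return result;
}

int main(void) {
    printf("descriptor pinned to checked inode: %d\n", fd_pins_inode());
    return 0;
}
```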


